mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-14 05:49:57 +00:00
Li Wang
70b1aa0a4c
CVE-2020-13950: Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service References: https://nvd.nist.gov/vuln/detail/CVE-2020-13950 Upstream patches: https://bugzilla.redhat.com/show_bug.cgi?id=1966738 https://github.com/apache/httpd/commit/8c162db8b65b2193e622b780e8c6516d4265f68b CVE-2020-35452: Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow References: https://nvd.nist.gov/vuln/detail/CVE-2020-35452 Upstream patches: https://security-tracker.debian.org/tracker/CVE-2020-35452 https://github.com/apache/httpd/commit/3b6431eb9c9dba603385f70a2131ab4a01bf0d3b CVE-2021-26690: Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service References: https://nvd.nist.gov/vuln/detail/CVE-2021-26690 Upstream patches: https://security-tracker.debian.org/tracker/CVE-2021-26690 https://github.com/apache/httpd/commit/67bd9bfe6c38831e14fe7122f1d84391472498f8 CVE-2021-26691: In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow References: https://nvd.nist.gov/vuln/detail/CVE-2021-26691 Upstream patches: https://bugzilla.redhat.com/show_bug.cgi?id=1966732 https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b CVE-2021-30641: Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' References: https://nvd.nist.gov/vuln/detail/CVE-2021-30641 Upstream patches: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641 https://github.com/apache/httpd/commit/6141d5aa3f5cf8f1b89472e7fdb66578810d0ae3 Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
46 lines
1.6 KiB
Diff
46 lines
1.6 KiB
Diff
From 8c162db8b65b2193e622b780e8c6516d4265f68b Mon Sep 17 00:00:00 2001
|
|
From: Yann Ylavic <ylavic@apache.org>
|
|
Date: Mon, 11 May 2015 15:48:58 +0000
|
|
Subject: [PATCH] mod_proxy_http: follow up to r1656259. The proxy connection
|
|
may be NULL during prefetch, don't try to dereference it! Still
|
|
origin->keepalive will be set according to p_conn->close by the caller
|
|
(proxy_http_handler).
|
|
|
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1678771 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
Upstream-Status: Backport
|
|
CVE: CVE-2020-35504
|
|
|
|
Reference to upstream patch:
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1966738
|
|
https://github.com/apache/httpd/commit/8c162db8b65b2193e622b780e8c6516d4265f68b
|
|
|
|
Signed-off-by: Li Wang <li.wang@windriver.com>
|
|
---
|
|
modules/proxy/mod_proxy_http.c | 2 --
|
|
1 file changed, 2 deletions(-)
|
|
|
|
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
|
|
index ec1e042..5f507d5 100644
|
|
--- a/modules/proxy/mod_proxy_http.c
|
|
+++ b/modules/proxy/mod_proxy_http.c
|
|
@@ -570,7 +570,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req,
|
|
apr_off_t bytes;
|
|
int force10, rv;
|
|
apr_read_type_e block;
|
|
- conn_rec *origin = p_conn->connection;
|
|
|
|
if (apr_table_get(r->subprocess_env, "force-proxy-request-1.0")) {
|
|
if (req->expecting_100) {
|
|
@@ -630,7 +629,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req,
|
|
"chunked body with Content-Length (C-L ignored)",
|
|
c->client_ip, c->remote_host ? c->remote_host: "");
|
|
req->old_cl_val = NULL;
|
|
- origin->keepalive = AP_CONN_CLOSE;
|
|
p_conn->close = 1;
|
|
}
|
|
|
|
--
|
|
2.7.4
|
|
|